Add lock to PerspectiveManager

[sc1f]

This PR adds the lock attribute to PerspectiveManager, which will reject the following remote messages that can mutate the state of Tables and Views under management:

• table
• table.update
• table.clear
• table.replace
• table.reset
• table.delete

PerspectiveManagers exposed over the internet should be locked, either by calling .lock() or initializing with lock=True. This PR also includes tests and a compact example demonstrating message rejection when the manager is locked.

[timkpaine]

I understand the concept but if we want to prevent js client modifications, this should be a construction time attribute that cannot be undone (e.g. no unlock). As is this current PR feels like "authentication-light" which is not something we want to be doing.

[sc1f]

I understand the concept but if we want to prevent js client modifications, this should be a construction time attribute that cannot be undone (e.g. no unlock). As is this current PR feels like "authentication-light" which is not something we want to be doing.

Agreed - wondering if we should just default the manager to locked as well

[timkpaine]

Agreed - wondering if we should just default the manager to locked as well

I think so.

The followup question is do you want to implement a token-granting system for perspective? This would be just on the client-server api, basically the ability to:

• restrict read/write access (separately) using a token
• ask the server for a new token
• ask the server to revoke a token
• tell the server about existing tokens, how to auth them

Then web servers could either provide a token scheme, or otherwise put the token granting behind an authenticated api (using their own authentication). This keeps us out of the authentication business while still allowing perspective to work nicely in authenticated contexts.

[sc1f]

Yeah this is definitely working up to a token-based authentication scheme for the remote API.

Adding a lock is mostly for being able to host python-based perspective remote examples on the internet without having to worry about getting the example table cleared/deleted remotely.

[texodus]

This language simplifies things a bit :)

[texodus]

Thanks for the PR! Changes look good!

Perspective is not currently scoped for granular, secure, full duplex communications to a virtual host. The intention of this feature is to simply allow read-only mode for documented APIs that are vandalism-prone for use in kiosk/demo mode, after whatever necessary mutable setup is done.